CodeSentry
GrammaTech’s leading Binary Software Composition Analysis (SCA) solution for gaining component inventory and insights into vulnerabilities and software risk, generating SBOMs, supporting Vulnerability Disclosures, and responding to Software Supply Chain Security (SSCS) risks.
Scan Post-Production Applications, Packages & Containers
Binary Analysis When Source Code Not Available
CodeSentry is a Binary SCA solution that identifies open-source components in binaries, including firmware, containers, and mobile or desktop applications. The resulting component inventory is reported through an SBOM, which is also mapped to VulnDB, the industry’s most complete database of software vulnerabilities.
Generate SBOMs in Formats like SPDX & CycloneDX
Outputs in Multiple Formats
CodeSentry delivers the results of the binary scan via industry-standard SBOM formats, facilitating the integration and sharing of the discovered components with third-party systems and suppliers. The resulting application intelligence and vulnerability visibility mitigates risk, improves software security, and strengthens enterprise security postures by defending your products against software supply chain attacks.
Get a free SBOM
Support Broad File Format Coverage
Across Languages, Operating Systems, and Platforms
With support for a wide range of endpoint software archive formats, including self-extracting installers and popular package managers, CodeSentry makes it easy to scan the applications your organization uses every day. In addition, various virtual machines, disks, embedded, firmware, and mobile images are supported.
Key Benefits
Why CodeSentry? This product is designed to reduce time-to-market, exploit vulnerabilities and provide an SBOM.
Reduce time-to-market
Vendors, contractors, and partners provide compiled executables, not source code. Binary SCA analyzes compiled executables to identify open source components, then maps the components to our database of vulnerabilities.
Identify weak security practices
CodeSentry prevent vulnerable components from entering their products by proactively producing an accurate SBOM of third-party binaries components when binaries are evaluated.
Provide accurate SBOMs to customers.
CodeSentry’s Zero-Day Service can detect security issues associated with command and data injection, weak cryptography, race conditions, and many other common weaknesses.
The CodeSentry Difference
What makes GrammaTech’s binary software composition analysis technology better.
No Source Code Required
Source code is rarely available for third-party components, and is not always available to security teams, even for in-house applications. Binary SCA can produce an accurate SBOM without access to source code.
Views Code “As Deployed”
Source SCA only sees components “as built”. CodeSentry sees the binary that executes. This allows it to identify any components or vulnerabilities introduced during compilation and packaging code for release.
Fewer False Positives
Source SCA also often lists components that are not in the final build image, generating false positives. CodeSentry can accurately tell if a component is present in the final product or not.
4th and 5th Party Coverage
Direct vendors may use their own third parties for software development – so-called 4th or 5th party code. CodeSentry solves this problem by analyzing the final binary “as deployed”. It identifies open source no matter where it entered the software supply chain.
Comprehensive Vulnerability Database
CodeSentry maps components to the world’s largest and most complete database of vulnerabilities in open-source software projects by using public and private sources.
Vulnerability Detection
CodeSentry identifies reused components and continuously tracks any vulnerabilities throughout the software lifecycle. Detecting critical, N-day and 0-day vulnerabilities as well as misconfigurations of security features in compilers early and precisely is key to reducing the cybersecurity risk and impact.
Shift Left and Shift Right
Binary SCA allows organizations to identify vulnerable open source software when they evaluate third-party code, well before they incorporate it into their products. Binary SCA is also used as a final check to scan binaries prior to releasing to customers or before deployment.
Deployment Flexibility
Organizations building sensitive products need to always maintain control over their code bases. CodeSentry is the only Binary SCA solution that can be deployed on-premises. For organizations that wish to maintain lower overhead, a SaaS deployment option is available.
Telit
Read the Case Study View AllGrammaTech Helps Telit Deliver Safety Faster. Telit is a global leader in cellular-based M2M and Internet of Things (IoT) solutions that have been connecting the world from the inside out for nearly 20 years.
CodeSentry FAQs
Frequently asked questions about CodeSentry, GrammaTech’s Binary Software Composition Analysis Solution.
CodeSentry is derived from GrammaTech’s ground-breaking binary code analysis research. This technology applies software composition analysis (SCA) and achieves deep component results including open source software (OSS) without the need for source code. CodeSentry is suitable for enterprise-wide adoption and offers an extensive set of APIs.
CodeSentry supports environments across endpoints, embedded systems, firmware, and mobile devices including operating system support for Windows; Linux; macOS; RTOS; bare metal embedded software. Programming language support is provided for C; C++; Objective-C and object file compatibility for ELF; PE; Mach-0.
Yes. CodeSentry creates a detailed software bill of materials (SBOM) and lists known vulnerabilities in the detected components including any dependencies.
Yes. CodeSentry can be deployed as a single-tenant cloud application or as an on-premises solution, as well as an air-gapped on-prem solution. CodeSentry also supports a SaaS option.
Book a Demo
We’re ready to help you integrate SAST and SCA security into your DevSecOps flow. Get a personally guided tour of our solution offerings to ensure you are receiving the right solution for your development team.
book now